Date: Wed, 09 May 2007 17:34:27 -0400
From: Richard Stallman rms@gnu.org
Can TC be used to enhance security if it's used with free software?
If you can do this without contributing to any tendency to legitimize treacherous computing, then it is harmless. But you must MAKE SURE you don't contribute to such a tendency. Don't leave it to chance!
This is the important point. It's very easy to rationalise a purchase of hardware containing treacherous computing technology with the fallacious logic of "It's possible to conceive of a non-harmful use; therefore, it's not certain that this is harmful; therefore, I can dismiss any argument telling me I shouldn't buy this."
That faulty logic has been distressingly common in this thread.
On Thu, 2007-05-10 at 08:51 +1000, Ben Finney wrote:
This is the important point. It's very easy to rationalise a purchase of hardware containing treacherous computing technology with the fallacious logic of "It's possible to conceive of a non-harmful use; therefore, it's not certain that this is harmful; therefore, I can dismiss any argument telling me I shouldn't buy this."
That faulty logic has been distressingly common in this thread.
As opposed to the logic that if the hardware comes with free software drivers and is entirely under your control, then it's pretty difficult to understand an argument which purports it to be harmful?
The faulty logic I've been seeing has been more related to people not having much clue about "treacherous" hardware, the different types, what they do and how they work. It is actually relatively easy to distinguish between "harmful" and "not harmful" hardware, and willingness to use and appreciate one doesn't imply anything about the other.
Cheers,
Alex.
On 10-May-2007, Alex Hudson wrote:
On Thu, 2007-05-10 at 08:51 +1000, Ben Finney wrote:
This is the important point. It's very easy to rationalise a purchase of hardware containing treacherous computing technology with the fallacious logic of "It's possible to conceive of a non-harmful use; therefore, it's not certain that this is harmful; therefore, I can dismiss any argument telling me I shouldn't buy this."
That faulty logic has been distressingly common in this thread.
As opposed to the logic that if the hardware comes with free software drivers and is entirely under your control, then it's pretty difficult to understand an argument which purports it to be harmful?
You've snipped the point I quoted from RMS's message. If you're dismissing it without addressing it, that makes "difficult to understand" a bit hollow.
Here it is again:
RMS wrote:
Can TC be used to enhance security if it's used with free software?
If you can do this without contributing to any tendency to legitimize treacherous computing, then it is harmless. But you must MAKE SURE you don't contribute to such a tendency. Don't leave it to chance!
The purchase of the hardware, and the legitimisation of treacherous computing that results, is not improved by the control you speak of.
"So long as I have control of my hardware, I'm alright Jack" doesn't reduce the tendency to produce and propagate this stuff, just like it doesn't get rid of proprietary software.
On Thu, 2007-05-10 at 18:01 +1000, Ben Finney wrote:
On 10-May-2007, Alex Hudson wrote:
As opposed to the logic that if the hardware comes with free software drivers and is entirely under your control, then it's pretty difficult to understand an argument which purports it to be harmful?
You've snipped the point I quoted from RMS's message. If you're dismissing it without addressing it, that makes "difficult to understand" a bit hollow.
Actually, I did address it. I said, ``The faulty logic I've been seeing has been more related to people not having much clue about "treacherous" hardware, the different types, what they do and how they work''.
To be clearer, the TPM chip in IBM laptops is not the same hardware as the Palladium SCP chip. It's basically the same as having an in-built smart card or other security token. It doesn't "boot" the laptop or have any execution capability at all, it doesn't have any manufacturer-set endorsement certifications.
If you want to lump it in with other "treacherous computing" hardware then that's up to you; but I won't on the same basis that I don't count smart cards as TPM chips. The only practical difference between the two is that it's a bit harder to unplug the TPM chip (and yes, it is unpluggable).
Cheers,
Alex.
Ben Finney wrote:
RMS wrote:
Can TC be used to enhance security if it's used with free software?
If you can do this without contributing to any tendency to legitimize treacherous computing, then it is harmless. But you must MAKE SURE you don't contribute to such a tendency. Don't leave it to chance!
The purchase of the hardware, and the legitimisation of treacherous computing that results, is not improved by the control you speak of.
"So long as I have control of my hardware, I'm alright Jack" doesn't reduce the tendency to produce and propagate this stuff, just like it doesn't get rid of proprietary software.
The main point is: if we use a tc device, are we contributing to legitimizing the use of those devices? Who draws the line?
It's very difficult, once you have a tc device, to speak clearly against it. If you say: "all right, I have this tc device but I use it only with free software" how can you be sure that people (who NEVER pay so much attention to the words) don't get this sentence as "tc devices are ok, my friend has one and it's harmless"?
Consider the fact that the majority of people unaware of these dangers are Windows users, not GNU users.
And tc in combination with proprietary software... you know. :)
I think the risk is too high and the benefits too low.
IMHO.
On Thursday, 10 May 2007 14:46, arc wrote:
The main point is: if we use a tc device, are we contributing to legitimizing the use of those devices?
I think the main point is, are we able to fight against a new technology? Can we prevent its introduction and use?
What about creating new scenarios and a new terminology, where the technology will be used ethically with Free Software? Is this possible?
Happy hacking! Patrick
On 10-May-2007, Patrick Ohnewein wrote:
On Thursday, 10 May 2007 14:46, arc wrote:
The main point is: if we use a tc device, are we contributing to legitimizing the use of those devices?
I think the main point is, are we able to fight against a new technology? Can we prevent its introduction and use?
The fight against DRM technology is going surprisingly well. The issues are becoming understandable and known by people I would never have expected to care about the issues.
I don't see why we can't gain similar exposure of the threats of treacherous computing -- but *only* if we make our actions match our words, and reject it as clearly and consistently as we reject DRM.
On Thursday, 10 May 2007 14:46, Ben Finney wrote:
On 10-May-2007, Patrick Ohnewein wrote:
I think the main point is, are we able to fight against a new technology? Can we prevent its introduction and use?
The fight against DRM technology is going surprisingly well. The issues are becoming understandable and known by people I would never have expected to care about the issues.
I don't see why we can't gain similar exposure of the threats of treacherous computing -- but *only* if we make our actions match our words, and reject it as clearly and consistently as we reject DRM.
Do you think that preventing the diffusion of TPM chips can be gained by convincing all members of the Free Software community not to buy new hardware and ignore all new devices?
On Wikipedia I read: "The U.S. Army requires that every new small PC it purchases must come with a Trusted Platform Module (TPM)[...]. According to the International Data Corporation, by 2010 essentially all portable PCs and the vast majority of desktops will include a TPM chip." [1]
I fear that the market share of pure Free Software systems will not grow fast enough to prevent the diffusion. :-(
In the same Wikipedia article I read about a suggested extension called "Owner Override"[2].
I am not an expert in this field, but if this suggestion can be a solution to guarantee the owner's rights to have full control over his devices and data, I would suggest lobbying for its introduction.
Public administrations should have an open ear about the issues of control over their systems and over their data. They don't want to be controlled by a foreign software company or hardware producer and they do not want to risk losing the ability to access backed-up data in the future.
Let's change the technology in such a way that it gets useful and gives control back to its users.
What do you think, could this be a winning strategy?
Happy hacking! Patrick
[1] http://en.wikipedia.org/wiki/Trusted_Computing
[2] http://en.wikipedia.org/wiki/Trusted_Computing#Suggestion_for_Owner_Override
On 10-May-2007, Patrick Ohnewein wrote:
I don't see why we can't gain similar exposure of the threats of treacherous computing -- but *only* if we make our actions match our words, and reject it as clearly and consistently as we reject DRM.
Do you think that preventing the diffusion of TPM chips can be gained by convincing all members of the Free Software community not to buy new hardware and ignore all new devices?
That's nothing like "reject it as clearly and consistently as we reject DRM". You're talking about silence. I'm talking about making the problems clearly and widely known, while making our actions observably mesh with our words, as we've done with DRM.
On Friday, 11 May 2007 00:54, Ben Finney wrote:
On 10-May-2007, Patrick Ohnewein wrote:
I don't see why we can't gain similar exposure of the threats of treacherous computing -- but *only* if we make our actions match our words, and reject it as clearly and consistently as we reject DRM.
Do you think that preventing the diffusion of TPM chips can be gained by convincing all members of the Free Software community not to buy new hardware and ignore all new devices?
That's nothing like "reject it as clearly and consistently as we reject DRM". You're talking about silence. I'm talking about making the problems clearly and widely known, while making our actions observably mesh with our words, as we've done with DRM.
No, I am not talking about silence, because if we are able to convince all Free Software users to not buy devices containing TPM chips, it will already be a big thing in my eyes.
But let's say we are able to convince them all, it will not be enough. Because most decision takers, deciding about the acquisition of big volumes of hardware, are not people inside the Free Software community.
I don't say that your arguments are wrong or that we have to accept TPM chips. I would only like to find a strategy to solve the problem, a strategy which allows us to make a constructive proposal to politicians and decision makers of the public administrations. If the PAs by law define that they can buy only systems which guarantee full control over all hardware and data, changes like the introduction of "Owner Override" into the TPM chips will be enforced.
I would be interested to get the information from someone more expert in this topic, if the "Owner Override" is enough for the user to gain control back or not.
And if yes, I would like to know, if there is someone planning to do some lobbying for this extension.
Happy hacking! Patrick
On Thu, 2007-05-10 at 22:46 +1000, Ben Finney wrote:
The fight against DRM technology is going surprisingly well. The issues are becoming understandable and known by people I would never have expected to care about the issues.
So well they're (HBO) now trying to replace DRM with DCE.
IIRC, this new acronym stands for:
Digital Consumer Enablement
But it's just DRM with another name, since we've achieved one great thing: people now see DRM and they know it's not for their own good.
This new name is much more dangerous since it's appealing. I propose to replace it with:
Digital Consumer Encarceration
Or maybe some better words, but hey, this is my first thought... :)
Read more in here: http://www.hill-kleerup.org/blog/2007/05/10/war_is_peace_freedom_is_s.html
I don't see why we can't gain similar exposure of the threats of treacherous computing -- but *only* if we make our actions match our words, and reject it as clearly and consistently as we reject DRM.
And now there's DCE as well!
Rui
Rui Miguel Silva Seabra rms@1407.org wrote:
Digital Consumer Enablement
[...which is more like...]
Digital Consumer Encarceration
Ye gods! Won't they ever learn that the street can screw any acronym?
Do we want to call it: Digital Customer Emasculation (too misunderstandable?); Don't-Copy Enforcement; Device-Crippling Electronics; Death of Consumer Entertainment; Designed by Corporate Entertainment lawyers; or something else?
Hopefully it will finally lead to the long-overdue Dead Cocksuckers in the Entertainment industry. Bye bye HBO?
Regards,
On Fri, 11 May 2007 13:46, rms@1407.org said:
So well they're (HBO) now trying to replace DRM with DCE.
Ah well, DEC's Distributed Computing Environment comes back in another incarnation - but this time using a centralized approach.
SCNR,
Werner
On 11-May-2007, Werner Koch wrote:
On Fri, 11 May 2007 13:46, rms@1407.org said:
So well they're (HBO) now trying to replace DRM with DCE.
Ah well, DEC's Distributed Computing Environment comes back in another incarnation - but this time using a centralized approach.
Deliberately Crippled Electronics.
On Tuesday 15 May 2007 01:35, Ben Finney wrote:
On 11-May-2007, Werner Koch wrote:
On Fri, 11 May 2007 13:46, rms@1407.org said:
So well they're (HBO) now trying to replace DRM with DCE.
Ah well, DEC's Distributed Computing Environment comes back in another incarnation - but this time using a centralized approach.
Deliberately Crippled Electronics.
:)
Digital Crippled Entertainment
Anastasios
On Thu, 2007-05-10 at 14:46 +0200, arc wrote:
Ben Finney wrote:
RMS wrote:
Can TC be used to enhance security if it's used with free software?
If you can do this without contributing to any tendency to legitimize treacherous computing, then it is harmless. But you must MAKE SURE you don't contribute to such a tendency. Don't leave it to chance!
The purchase of the hardware, and the legitimisation of treacherous computing that results, is not improved by the control you speak of.
"So long as I have control of my hardware, I'm alright Jack" doesn't reduce the tendency to produce and propagate this stuff, just like it doesn't get rid of proprietary software.
The main point is: if we use a tc device, are we contributing to legitimizing the use of those devices?
If you use it in a positive way, certainly.
Who draws the line?
The user: if _you_ control it, it is positive; if _you_ (and by you I mean the legal owner, be it a physical or a legal person) don't, no, it is not good and becomes treacherous.
It's very difficult, once you have a tc device, to speak clearly against it.
I don't speak against my FSFE-Fellow Smart card.
If you say: "all right, I have this tc device but I use it only with free software" how can you be sure that people (who NEVER pay so much attention to the words) don't get this sentence as "tc devices are ok, my friend has one and it's harmless"?
Generally, it is not the software you use that matters. It's who controls the keys and the chip. The way you address the problem only confuses people without clear guidance.
Consider the fact that the majority of people unaware of these dangers are Windows users, not GNU users.
And tc in combination with proprietary software... you know. :)
The TC in ThinkPads needs proprietary software to be really dangerous, but that's not the TPM Stallman fears. That's Palladium (or whatever the last name) where even Free Software wouldn't make any difference, because the control starts at boot in hardware before any software is loaded.
I think the risk is too high and the benefits too low.
I think people should concentrate on making other people aware of the problem (and clear it up themselves), but current laptops have nothing bad. TiVo machines are an example of bad hardware, those should be avoided.
Simo.
On Thu, 2007-05-10 at 09:12 -0400, simo wrote:
On Thu, 2007-05-10 at 14:46 +0200, arc wrote:
Consider the fact that the majority of people unaware of these dangers are Windows users, not GNU users.
And tc in combination with proprietary software... you know. :)
The TC in ThinkPads needs proprietary software to be really dangerous, but that's not the TPM Stallman fears. That's Palladium (or whatever the last name) where even Free Software wouldn't make any difference, because the control starts at boot in hardware before any software is loaded.
Simo - just to be clear, if we're talking specifically about the TC in Thinkpads, it might be theoretically possible to use them in such a scenario, but the way they come out of the factory it would be very difficult. There is no root certificate or chain of trust that you could turn on, nor any private key that Microsoft (or whoever) could use to sign a kernel that would be the only one allowed to boot. They basically come as empty containers.
Of course, you could maybe ship a custom bios that uses the TPM chip in the Thinkpad to store keys that do check the boot software, but if you're doing that you don't actually need the TPM chip - you can do basically the same thing in the BIOS (witness the problems using non-IBM wifi cards in Thinkpads).
And you're right, the proposed Palladium system is not what is in Thinkpads - different chip, different idea, and I don't for one second support that kind of scenario.
I think people should be less concerned about supposed problems with TPM chips and more concerned with stuff like UEFI which actually does threaten users' control over their machines, e.g.:
http://fosdem.org/2007/interview/ronald+g+minnich
Unlike Palladium, you can actually buy hardware with this stuff in (for example, Macs).
Cheers,
Alex.
On Thu, 2007-05-10 at 14:33 +0100, Alex Hudson wrote:
Simo - just to be clear, if we're talking specifically about the TC in Thinkpads, it might be theoretically possible to use them in such a scenario, but the way they come out of the factory it would be very difficult. There is no root certificate or chain of trust that you could turn on, nor any private key that Microsoft (or whoever) could use to sign a kernel that would be the only one allowed to boot. They basically come as empty containers.
Of course, you could maybe ship a custom bios that uses the TPM chip in the Thinkpad to store keys that do check the boot software, but if you're doing that you don't actually need the TPM chip - you can do basically the same thing in the BIOS (witness the problems using non-IBM wifi cards in Thinkpads).
And you're right, the proposed Palladium system is not what is in Thinkpads - different chip, different idea, and I don't for one second support that kind of scenario.
I think people should be less concerned about supposed problems with TPM chips and more concerned with stuff like UEFI which actually does threaten users' control over their machines, e.g.:
http://fosdem.org/2007/interview/ronald+g+minnich
Unlike Palladium, you can actually buy hardware with this stuff in (for example, Macs).
I agree with you on every single word, Simo.
The TC in ThinkPads needs proprietary software to be really dangerous, but that's not the TPM Stallman fears. That's Palladium (or whatever the last name) where even Free Software wouldn't make any difference, because the control starts at boot in hardware before any software is loaded.
I object to both of them, because both attack our freedom in ways that we cannot overcome by developing and using free software. The TPM is designed for "remote attestation", which enables a web site to check whether you are running the "official" DRM-afflicted software. If you are not -- for instance, if you have installed GNU/Linux instead -- then the site simply refuses to talk to you. And the "official" DRM-afflicted software won't let you redistribute whatever you got from that site.
The result is that there is no way to talk to the site from a machine running free software. It is not just hard, it is not just illegal in some countries whose governments are against their own citizens. It is impossible.
That is what makes treacherous computing so dangerous.
You are right that the essence of treacherous computing is encryption that uses keys not fully under the user's control. However, just installing your own key does not overcome the problem. Doing that won't enable you to talk to the web sites that do remote attestation. On the contrary, it will make sure you can't talk to them. They know what key your machine is supposed to have, and if you have replaced that key, your machine will never work with those sites.
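A toy model of the remote-attestation check described in the message above, added here as an illustration; it is not part of the original thread and is not code from any TPM project. It uses an HMAC as a stand-in for the asymmetric signature on a real TPM quote, and every name in it (`ToyTPM`, `Site`, `attest`, the boot-component strings, the keys) is constructed for the example.

```python
import hashlib
import hmac
import os

PCR_SIZE = 20  # TPM 1.2 PCRs hold a SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 style extend: new PCR = SHA1(old PCR || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(chain) -> bytes:
    """Fold every boot component, in order, into one PCR value."""
    pcr = bytes(PCR_SIZE)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr


class ToyTPM:
    """Signs (PCR, nonce) with a key held inside the chip."""

    def __init__(self, key: bytes):
        self._key = key

    def quote(self, pcr: bytes, nonce: bytes) -> bytes:
        # HMAC stands in for the asymmetric signature of a real quote.
        return hmac.new(self._key, pcr + nonce, hashlib.sha256).digest()


class Site:
    """Remote verifier: knows the expected key and the approved measurements."""

    def __init__(self, expected_key: bytes, approved_pcrs: set):
        self._key = expected_key
        self._approved = approved_pcrs

    def verify(self, pcr: bytes, nonce: bytes, sig: bytes) -> str:
        good = hmac.new(self._key, pcr + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(good, sig):
            return "refused: quote not signed by the expected key"
        if pcr not in self._approved:
            return "refused: software stack not on the approved list"
        return "accepted"


# Constructed sample data: component names and keys are placeholders.
VENDOR_KEY = b"key-installed-at-manufacture"
OWNER_KEY = b"key-installed-by-owner"
OFFICIAL = [b"bios-1.0", b"official-loader", b"official-os"]
FREE = [b"bios-1.0", b"grub", b"gnu-linux-kernel"]


def attest(chain, tpm_key: bytes) -> str:
    """One challenge/response round between a machine and the site."""
    site = Site(VENDOR_KEY, {measure_boot(OFFICIAL)})
    nonce = os.urandom(20)  # fresh per session, so an old quote cannot be replayed
    pcr = measure_boot(chain)
    return site.verify(pcr, nonce, ToyTPM(tpm_key).quote(pcr, nonce))


if __name__ == "__main__":
    for label, chain, key in [("official", OFFICIAL, VENDOR_KEY),
                              ("free OS", FREE, VENDOR_KEY),
                              ("own key", FREE, OWNER_KEY)]:
        print(label, "->", attest(chain, key))
```

The second and third cases correspond to the two claims in the message: a different software stack changes the measurement, and a replaced key breaks the signature check, so the verifier refuses in both.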